Can Boards please confirm if there was a data breach in users email addresses being publicly exposed on the website? I have seen a post where a user has mentioned that they were able to see another users email address on their profile.
Are we 100% sure those people who's email are public, ticked that box to make it public? It definitely wasn't a bug during migration?
Imagine the carnage if this had happened when the ex-Boards lusers were doxxing users here on Voat.
Bug or not, it should only have been visible here to logged in members, not everyone with Internet access.
Was it confirmed that private messages were not accessible or searchable ?
Again, consistent ignorance to this issue by you.
Are you deliberately being obtuse, not capable of understanding the issue or are you just looking for a debate which you are clearly incapable of winning?
Your counter points are also highly irrelevant to such an extent that they don't warrant a response, however, I will.
1. Nobody who "checked the box" knew their details would be accessible by a Google search....that's the issue here btw. You're welcome.
2. I willingly give my email address (a spam one) to anyone I authorise to have it, nothing precious about it.
There's a big difference in both cases here which I'm sure you will choose to ignore.
If you can't appreciate the fundamentals of PERSEC and what can happen when it goes wrong, then its best if you don't share your opinion on it.
If they weren't visible to Google wouldn't they only need to sign up again to make those public emails visible anyway? Makes no difference to someone targeting particular users.
If I search my username on Google I get this (hopefully pic works...):
(edit: have removed pic as cached links lead to personal info)
Now, I'll point out that these are dead links, even when signed in - I can't see the actual messages. They also seem to be very old PMs. And these seem to be the only ones (I'd have many more recent ones). But SOME PMs at least seem to have been indexed at some stage.
edit: ignore, it was actually visitor messages. not PMs.
Christ of Almighty. Google cache has already exposed one real name and phone number from that.
No, those are from the old site and are what were called visitor messages. They were always publically viewable. See the cached version here: [redacted]
Ah OK, apologies for that - had forgotten about visitor messages. I've removed pic above as cached link gave some personal info (I actually did check to see if it was cached before posting, but looked in the wrong placed for the arrow....).
I am fairly certain that when the migration was completed that I had to de-select the email option. It was shared by default.
Mine wasn't.
I remember looking at the options on my profile, and nothing was ticked. (And I didn't tick anything subsequently.)
I think I had the same experience.
I'm quite sure mine wasn't ticked, I remember noticing my email on my profile straight away and checking it wasn't public immediately.
I am fairly certain I had to do the same - glad I am not the only one thinking this. I have been questioning if it is my memory but I distinctly remember a small fright. There were 2 boxes, upper was checked, lower unchecked and I immediately had to uncheck upper and check lower while thinking OH NO! It was within hours of re opening boards so I do think it is possible that initial default settings were at least briefly so.
I remember being alarmed that the option to have members see your email was even there in the first place but it was definitely unticked for me. I did get a bit of a stroke seeing my email there in all it’s glory on my profile page, but realised later it’s just like that from my POV and other users can’t see it. A strange addition all the same, I don’t see why it’s needed. All it does is give users momentary coronaries. However I’ve tried since to set my profile to private but I can’t due to my awkward username. A complete pain
Thanks @Mickeroo for removing the screenshots there.
The feature was switched to OFF for all users when we migrated. For the small number of people who had it ticked since, we disabled that for them yesterday so no one should have that ticked now. We will be removing that feature completely asap. As stated yesterday, we will be contacting those affected directly to let them know what has happened.
Thanks all.
Can your email be removed from your profile altogether too? Or have it written underneath that nobody can see it. It’ll save a lot of panic for new and old users alike, and I’d say save a lot of time for yourselves too having to answer the same questions from users who just noticed it
FYI boards staff your dmarc/MX or whatever method of domain verification hasn't happened so all mail is going to spam.
I can try and see will it let me set your profile to private if you want, let me know and I will give it a go.
Yes please! Thanks
Sorry, I got the same error as you it seems. I could try changing your username if you like, I suspect that's the only way it will work but I also suspect it won't let me change it back to what it is now. I presume the ":" is the issue.
Yeah that’s what I thought. It’s okay, I’ll wait it out until it (hopefully) gets rectified. Thanks for trying!
No problem.
@retro:electro just be aware no one can PM you if your profile is private except (I presume) mods and admins.
It's not like old Boards, but then what is?
Oh no I don’t like that either 😭
Even though I haven’t even sent a PM since the new update. I just don’t trust it!
Yep, no more random PMs, you now need to trust the person not to add others to the chat. 😒😏
And you can't delete them. Which is well out of order. We have zero idea and waning trust that they'll remain private in the way they were.
You also can't put someone on ignore if their profile is private.
We can do bugger all really except scream into the abyss and hope for a response.
It's getting to the stage where it all seems futile.